Security

Dr. M. Bilal Qureshi

 Threats

Figure 9-1. Security goals and threats.

Common Categories:

• Casual prying by nontechnical

users.
• Snooping by insiders.
• Determined attempts to make
money.
• Commercial or military espionage.
 Accidental Data Loss

Common causes of accidental data loss:

• Acts of God: fires, floods, earthquakes, wars, riots, or

rats gnawing backup tapes.
• Hardware or software errors: CPU malfunctions,
unreadable disks or tapes, telecommunication errors,
program bugs.
• Human errors: incorrect data entry, wrong tape or CD-
ROM mounted, wrong program run, lost disk or tape, or
some other mistake.
 Basics Of Cryptography

Figure 9-2. Relationship between the plaintext and the ciphertext.

 Secret-Key Cryptography

Monoalphabetic substitution:

Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM
 Public-Key Cryptography

• Encryption makes use of an "easy" operation,

such as how much is
314159265358979 × 314159265358979?

• Decryption without the key requires you to

perform a hard operation, such as what is the
square root of
3912571506419387090594828508241?
 Encryption vs. Authentication

• Encrypted information cannot be automatically trusted

• You still need authentication
– Which we can implement using encryption, of course
 Symmetric Key Cryptography

Plain-text input Plain-text output

Cipher-text
“The “The
quick “AxCv;5bmEseTfid quick
brown fox 3)fGsmWe#4^,sdgf brown fox
jumps Mwir3:dkJeTsY8R\ jumps
over the s@!q3%” over the
lazy dog” Encryption Decryptionlazy dog”

Same key
(shared secret)
 Symmetric Pros and Cons

• Strength:
– Simple and really very fast (order of 1000 to 10000 faster
than asymmetric mechanisms)
– Super-fast (and somewhat more secure) if done in
hardware
• Weakness:
– Must agree the key beforehand
– Securely pass the key to the other party
 Public Key Cryptography

• Knowledge of the encryption key doesn’t

give you knowledge of the decryption key
• Receiver of information generates a pair of
keys
– Publish the public key in a directory
• Then anyone can send him messages that
only she can read
 Public Key Encryption
Clear-text Input Clear-text Output
Cipher-text
“The quick “The quick
brown fox “Py75c%bn&*)9|fDe^b brown fox
jumps over DFaq#xzjFr@g5=&nm jumps over
the lazy dog” dFg$5knvMd’rkvegMs the lazy dog”
”

Encryption Decryption

public Different keys private

Recipient’s
Recipient’s
private key
public key
 Public Key Pros and Cons
• Weakness:
– Extremely slow
– Susceptible to “known ciphertext” attack
– Problem of trusting public key (see later on PKI)
• Strength
– Solves problem of passing the key
– Allows establishment of trust context between
parties
 Hybrid Encryption (Real World)
Launch key Symmetric
for nuclear *#$fjda^j
encryption u539!3t
missile
“RedHeat” (e.g. DES) t389E *&\@
is... 5e%32\^kd

Symmetric key Digital

encrypted asymmetrically Envelope
User’s public key (e.g., RSA)
(in certificate)
As above, repeated Digital
for other recipients Envelope
or recovery agents
Randomly-
Generated symmetric
“session” key Other recipient’s or
RNG agent’s public key
(in certificate)
in recovery policy
 Hybrid Decryption

*#$fjda^j Symmetric Launch key

decryption for nuclear
u539!3t
(e.g. DES) missile
t389E *&\@ “RedHeat”
5e%32\^kd is...

Recipient’s Symmetric
private key “session” key
Asymmetric
decryption of Session key must be
“session” key (e.g. RSA) decrypted using the
Digital envelope recipient’s private key
contains “session” key
encrypted using
recipient’s public key
Digital
Envelope
 Creating a Digital Signature
Message or File 128 bits Message Digital Signature
Digest
This is a Jrf843kjfgf*
really long Py75c%bn&*)9|fDe^b £$&Hdif*7o
message DFaq#xzjFr@g5=&n Usd*&@:<C
about mdFg$5knvMd’rkveg HDFHSD(**
Bill’s… Ms”
Hash
Asymmetric
Function
Encryption
(SHA, MD5)

Calculate a short message

private
digest from even a long
input using a one-way Signatory’s
message digest function private key
(hash)
 Verifying a Digital Signature
Digital Signature

Jrf843kjf Asymmetric Py75c%bn&*)

gf*£$&Hd decryption 9|fDe^bDFaq
if*7oUsd (e.g. RSA) #xzjFr@g5=
*&@:<CHD &nmdFg$5kn
FHSD(** vMd’rkvegMs”

Signatory’s public ? == ?
key Are They Same?

Py75c%bn&*)
Same hash function 9|fDe^bDFaq
(e.g. MD5, SHA…) #xzjFr@g5=
Everyone has access to &nmdFg$5kn
trusted public key of the vMd’rkvegMs”
signatory
This is a
really long
message
about Bill’s… Original Message
Authentication Using a Physical Object

Figure 9-20. Use of a smart card for authentication.

Authentication Using Biometrics

Figure 9-21. A device for measuring finger length.

 Malware

Can be used for a form of blackmail.

Example: Encrypts files on victim disk, then
displays message …

Greetings from General Encryption

To purchase a decryption key for your hard disk, please send

$100 in small
unmarked bills to Box 2154, Panama City, Panama.
Thank you. We appreciate your business.
 Types of Viruses

• Companion virus
• Executable program virus
• Parasitic virus
• Memory-resident virus
• Boot sector virus
• Device driver virus
• Macro virus
• Source code virus

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639
 Parasitic Viruses

Figure 9-28. (a) An executable program. (b) With a virus at the

front. (c) With a virus at the end. (d) With a virus spread over
free space within the program.
 Boot Sector Viruses

Figure 9-29. (a) After the virus has captured all the interrupt and
trap vectors. (b) After the operating system has retaken the
printer interrupt vector. (c) After the virus has noticed the loss
of the printer interrupt vector and recaptured it.
 Spyware (1)

Description:

• Surreptitiously loaded onto a PC without the owner’s

knowledge
• Runs in the background doing things behind the
owner’s back
 Spyware (2)

Characteristics:

• Hides, victim cannot easily find

• Collects data about the user
• Communicates the collected information back to its
distant master
• Tries to survive determined attempts to remove it
 How Spyware Spreads

Possible ways:

• Same as malware, Trojan horse

• Drive-by download, visit an infected web site
• Web pages tries to run an .exe file
• Unsuspecting user installs an infected toolbar
• Malicious activeX controls get installed
 Actions Taken by Spyware

• Change the browser’s home page.

• Modify the browser’s list of favorite (bookmarked) pages.
• Add new toolbars to the browser.
• Change the user’s default media player.
• Change the user’s default search engine.
• Add new icons to the Windows desktop.
• Replace banner ads on Web pages with those the spyware picks.
• Put ads in the standard Windows dialog boxes
• Generate a continuous and unstoppable stream of pop-up ads.
 Types of Rootkits (1)
Hidden Virus, cannot be detected, can be worm,
spyware, virus.
• Firmware rootkits
• Hypervisor rootkits (entire OS and App)
• Kernel rootkits
• Library rootkits
• Application rootkits
 Types of Rootkits (2)

Figure 9-30. Five places a rootkit can hide.

 Firewalls

Figure 9-31. A simplified view of a hardware firewall

protecting a LAN with three computers.
 Virus Scanners (1)

Figure 9-32. (a) A program. (b) An infected program.

(c) A compressed infected program. (d) An encrypted virus.
(e) A compressed virus with encrypted compression code.
Antivirus and Anti-Antivirus Techniques

• Virus scanners
• Integrity checkers
• Behavioral checkers
• Virus avoidance
 Code Signing

Figure 9-34. How code signing works.

 Jailing

Figure 9-35. The operation of a jail.